Services Watchdog
ReviewAudited by ClawScan on May 16, 2026.
Overview
The watchdog idea is legitimate, but this package ships a personalized script that can run continuously and use a local Telegram bot token to notify a hard-coded chat.
Do not enable this skill unmodified. First replace the hard-coded services and paths, remove or explicitly configure Telegram notifications, inspect or create the missing systemd service/timer files, and make sure you understand that loginctl linger keeps the watchdog active after logout.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed without careful editing, it may monitor and start the publisher's named service layout instead of only services the user explicitly chose.
The package is described as a reusable watchdog for Node.js services, but the actual shipped script defaults to specific personal projects rather than a generic template.
# שלושת השירותים: # 1) sahi-diet → ~/projects/sahi-diet/src/bot.js # 2) sahi-mind → ~/projects/sahi-mind/src/index.js # 3) mission-control→ ~/projects/mission-control/server.js ... services=(diet mind mc)
Publish this as a clearly marked example or replace the defaults with user-configured service names and paths before enabling the timer.
A local Telegram bot credential could be used to send messages to a chat the user did not configure.
The script reads a Telegram bot token from a local .env file and pairs it with a hard-coded chat ID, rather than requiring an explicit user-provided notification target.
token=$(grep -E '^TELEGRAM_BOT_TOKEN=' "$WORKSPACE/projects/sahi-diet/.env" ...) local chat_id="6034574482" # David
Remove this default notification code or require the user to explicitly configure the bot token and chat ID; declare this credential use in metadata.
Service names and recovery/failure events may leave the machine and be delivered to a hard-coded Telegram recipient.
Watchdog status messages are sent to Telegram using a fixed destination; the main SKILL.md does not clearly disclose this external data flow.
curl -s --max-time 10 -X POST "https://api.telegram.org/bot${token}/sendMessage" \
-d "chat_id=${chat_id}" \
-d "text=${msg}"Make outbound notifications opt-in, document exactly what is sent, and require the user to set the destination.
The watchdog can keep running and restarting services after SSH disconnects, logout, and potentially reboot.
The skill intentionally installs a persistent user-level timer that continues after logout; this is aligned with a watchdog, but users need to understand the persistence.
systemctl --user enable --now sahi-watchdog.timer loginctl enable-linger "$USER" # keeps the timer running when not logged in
Only enable it after reviewing the script; document disable steps such as systemctl --user disable --now for the timer and loginctl disable-linger if appropriate.
The persistent systemd setup cannot be fully reviewed from the included artifacts and may not install as documented.
SKILL.md references scripts/sahi-watchdog.service and scripts/sahi-watchdog.timer, but those unit files are not present in the reviewed package.
2 file(s): SKILL.md (5135 bytes); scripts/services-watchdog.sh (4595 bytes)
Include the unit and timer files in the package, or require users to create and inspect them explicitly before enabling the watchdog.